Vulnerabilities > Pacman Project > Pacman > 3.3.3

DATE CVE VULNERABILITY TITLE RISK
2020-02-24 CVE-2019-18183 OS Command Injection vulnerability in multiple products
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function.
network
low complexity
pacman-project fedoraproject CWE-78
critical
 9.8
9.8
2020-02-24 CVE-2019-18182 OS Command Injection vulnerability in multiple products
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function.
network
low complexity
pacman-project fedoraproject CWE-78
critical
 9.8
9.8
2019-03-11 CVE-2019-9686 Path Traversal vulnerability in Pacman Project Pacman
pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header.
network
pacman-project CWE-22
critical
 9.3
9.3